From 6db62b4ea91f50e61cc20aa1e5e434a7d52e3dfc Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Tue, 28 Apr 2026 14:46:32 +0200
Subject: [PATCH] error fix

---
 Setup-ByteTrail-AD.ps1 | 189 ++++++++++++++++++++++++++++-------------
 1 file changed, 130 insertions(+), 59 deletions(-)

diff --git a/Setup-ByteTrail-AD.ps1 b/Setup-ByteTrail-AD.ps1
index 05ada40..9a19f02 100644
--- a/Setup-ByteTrail-AD.ps1
+++ b/Setup-ByteTrail-AD.ps1
@@ -17,7 +17,7 @@ Write-Host "`n=== ByteTrail AD Setup gestartet ===" -ForegroundColor Cyan
 # ============================================================
 # 1. OU-STRUKTUR
 # ============================================================
-Write-Host "`n[1/3] Erstelle OU-Struktur..." -ForegroundColor Yellow
+Write-Host "`n[1/4] Erstelle OU-Struktur..." -ForegroundColor Yellow
 
 $OUs = @(
     "OU=Geschaeftsfuehrung,$DomainDN",
@@ -30,18 +30,31 @@ $OUs = @(
 
 foreach ($OU in $OUs) {
     $OUName = ($OU -split ",")[0] -replace "OU=", ""
-    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OU'" -ErrorAction SilentlyContinue)) {
-        New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true
-        Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
-    } else {
+    try {
+        $existing = Get-ADOrganizationalUnit -Identity $OU -Server $Domain -ErrorAction Stop
         Write-Host " [~] OU existiert bereits: $OUName" -ForegroundColor Gray
+    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+        try {
+            New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true -Server $Domain -ErrorAction Stop
+            Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
+        } catch {
+            Write-Host " [!] FEHLER beim Erstellen von OU '$OUName': $_" -ForegroundColor Red
+        }
+    } catch {
+        # Anderer Fehler beim Pruefen - versuche trotzdem zu erstellen
+        try {
+            New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true -Server $Domain -ErrorAction Stop
+            Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
+        } catch {
+            Write-Host " [!] FEHLER beim Erstellen von OU '$OUName': $_" -ForegroundColor Red
+        }
     }
 }
 
 # ============================================================
 # 2. AD-GRUPPEN
 # ============================================================
-Write-Host "`n[2/3] Erstelle AD-Gruppen..." -ForegroundColor Yellow
+Write-Host "`n[2/4] Erstelle AD-Gruppen..." -ForegroundColor Yellow
 
 $Groups = @(
     @{ Name = 'GRP-GF-VOLLZUGRIFF'; Description = 'Geschaeftsfuehrung - Vollzugriff' }
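Review bot: Both catch branches of the OU loop carry an identical New-ADOrganizationalUnit block, and the generic `catch` goes on to create the OU even when the lookup failed for a reason other than "not found" (for example the DC named by `-Server $Domain` not answering or access being denied), so the real cause is never reported and the creation attempt merely fails a second time. A single `$exists` flag set inside the `try` leaves one creation path, and the generic catch can report `FEHLER beim Pruefen von OU` and `continue`; `$existing` is assigned but never read, so `$null = Get-ADOrganizationalUnit …` says what is meant. The same duplicated-fallback shape appears in the group hunk (`@@ -58`), the user hunk (`@@ -164`) and the service-account hunk (`@@ -205`). I cannot see from the patch whether the ActiveDirectory module is imported before these typed catch clauses run; if it is not, the `[Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]` filter itself may fail to resolve, which is worth confirming once on a clean session.
```powershell
foreach ($OU in $OUs) {
    $OUName = ($OU -split ",")[0] -replace "OU=", ""
    $exists = $false
    try {
        $null = Get-ADOrganizationalUnit -Identity $OU -Server $Domain -ErrorAction Stop
        $exists = $true
        Write-Host " [~] OU existiert bereits: $OUName" -ForegroundColor Gray
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # not found: created below
    } catch {
        # lookup failed for another reason (DC unreachable, access denied): report it instead of masking it with a create attempt
        Write-Host " [!] FEHLER beim Pruefen von OU '$OUName': $_" -ForegroundColor Red
        continue
    }
    if (-not $exists) {
        try {
            New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true -Server $Domain -ErrorAction Stop
            Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
        } catch {
            Write-Host " [!] FEHLER beim Erstellen von OU '$OUName': $_" -ForegroundColor Red
        }
    }
}
```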
@@ -58,24 +71,46 @@ $Groups = @(
 )
 
 foreach ($Group in $Groups) {
-    if (-not (Get-ADGroup -Filter "Name -eq '$($Group.Name)'" -ErrorAction SilentlyContinue)) {
-        New-ADGroup `
-            -Name $Group.Name `
-            -SamAccountName $Group.Name `
-            -GroupScope Global `
-            -GroupCategory Security `
-            -Description $Group.Description `
-            -Path "OU=Gruppen,$DomainDN"
-        Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
-    } else {
+    try {
+        $existing = Get-ADGroup -Identity $Group.Name -Server $Domain -ErrorAction Stop
         Write-Host " [~] Gruppe existiert bereits: $($Group.Name)" -ForegroundColor Gray
+    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+        try {
+            New-ADGroup `
+                -Name $Group.Name `
+                -SamAccountName $Group.Name `
+                -GroupScope Global `
+                -GroupCategory Security `
+                -Description $Group.Description `
+                -Path "OU=Gruppen,$DomainDN" `
+                -Server $Domain `
+                -ErrorAction Stop
+            Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
+        } catch {
+            Write-Host " [!] FEHLER beim Erstellen von Gruppe '$($Group.Name)': $_" -ForegroundColor Red
+        }
+    } catch {
+        try {
+            New-ADGroup `
+                -Name $Group.Name `
+                -SamAccountName $Group.Name `
+                -GroupScope Global `
+                -GroupCategory Security `
+                -Description $Group.Description `
+                -Path "OU=Gruppen,$DomainDN" `
+                -Server $Domain `
+                -ErrorAction Stop
+            Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
+        } catch {
+            Write-Host " [!] FEHLER beim Erstellen von Gruppe '$($Group.Name)': $_" -ForegroundColor Red
+        }
     }
 }
 
 # ============================================================
 # 3. BENUTZER
 # ============================================================
-Write-Host "`n[3/3] Erstelle Benutzer..." -ForegroundColor Yellow
+Write-Host "`n[3/4] Erstelle Benutzer..." -ForegroundColor Yellow
 
 # Schema: Vorname, Nachname, Abteilung, OU, Gruppen[]
 $Users = @(
@@ -156,6 +191,10 @@ $Users = @(
     @{ Vorname="Yannick"; Nachname="Frank"; Abt="Service"; OU="OU=Service,$DomainDN"; Gruppen=@("GRP-SVC-FILES","GRP-ALL-EMAIL"); Title="Servicemitarbeiter" }
 )
 
+$UserCreatedCount = 0
+$UserExistsCount = 0
+$UserErrorCount = 0
+
 foreach ($User in $Users) {
     # Benutzername: vorname.nachname (Umlaute ersetzen)
     $Sam = ($User.Vorname + "." + $User.Nachname).ToLower()
@@ -164,34 +203,57 @@ foreach ($User in $Users) {
     $UPN = "$Sam@$Domain"
     $EmailAddr = "$Sam@$MailDomain"
 
-    if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction SilentlyContinue)) {
-        New-ADUser `
-            -SamAccountName $Sam `
-            -UserPrincipalName $UPN `
-            -GivenName $User.Vorname `
-            -Surname $User.Nachname `
-            -Name "$($User.Vorname) $($User.Nachname)" `
-            -DisplayName "$($User.Vorname) $($User.Nachname)" `
-            -Department $User.Abt `
-            -Title $User.Title `
-            -EmailAddress $EmailAddr `
-            -Path $User.OU `
-            -AccountPassword $DefaultPW `
-            -PasswordNeverExpires $false `
-            -ChangePasswordAtLogon $true `
-            -Enabled $true
+    $UserCreated = $false
 
-        Write-Host " [+] User erstellt: $Sam ($($User.Abt))" -ForegroundColor Green
-    } else {
+    try {
+        $existing = Get-ADUser -Identity $Sam -Server $Domain -ErrorAction Stop
         Write-Host " [~] User existiert bereits: $Sam" -ForegroundColor Gray
+        $UserExistsCount++
+        $UserCreated = $true # User existiert, Gruppen trotzdem zuweisen
+    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+        try {
+            New-ADUser `
+                -SamAccountName $Sam `
+                -UserPrincipalName $UPN `
+                -GivenName $User.Vorname `
+                -Surname $User.Nachname `
+                -Name "$($User.Vorname) $($User.Nachname)" `
+                -DisplayName "$($User.Vorname) $($User.Nachname)" `
+                -Department $User.Abt `
+                -Title $User.Title `
+                -EmailAddress $EmailAddr `
+                -Path $User.OU `
+                -AccountPassword $DefaultPW `
+                -PasswordNeverExpires $false `
+                -ChangePasswordAtLogon $true `
+                -Enabled $true `
+                -Server $Domain `
+                -ErrorAction Stop
+
+            Write-Host " [+] User erstellt: $Sam ($($User.Abt))" -ForegroundColor Green
+            $UserCreatedCount++
+            $UserCreated = $true
+        } catch {
+            Write-Host " [!] FEHLER beim Erstellen von User '$Sam': $_" -ForegroundColor Red
+            $UserErrorCount++
+        }
+    } catch {
+        Write-Host " [!] FEHLER beim Pruefen von User '$Sam': $_" -ForegroundColor Red
+        $UserErrorCount++
     }
 
-    # Gruppen zuweisen
-    foreach ($Gruppe in $User.Gruppen) {
-        try {
-            Add-ADGroupMember -Identity $Gruppe -Members $Sam -ErrorAction Stop
-        } catch {
-            Write-Warning " Gruppe '$Gruppe' konnte nicht zugewiesen werden: $_"
+    # Gruppen zuweisen - nur wenn User existiert oder gerade erstellt wurde
+    if ($UserCreated) {
+        foreach ($Gruppe in $User.Gruppen) {
+            try {
+                Add-ADGroupMember -Identity $Gruppe -Members $Sam -Server $Domain -ErrorAction Stop
+            } catch {
+                if ($_.Exception.Message -like "*already a member*" -or $_.Exception.Message -like "*ist bereits Mitglied*") {
+                    # Stille Warnung - User ist schon in der Gruppe
+                } else {
+                    Write-Warning " Gruppe '$Gruppe' konnte nicht zugewiesen werden: $_"
+                }
+            }
         }
     }
 }
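Review bot: The "already a member" case in the group-assignment catch is detected by matching localized error text (`*already a member*` / `*ist bereits Mitglied*`), so on a DC with any other display language an existing membership falls through to the warning, and the `if` branch that handles the match is empty apart from a comment. Resolving the user's current groups once with `Get-ADPrincipalGroupMembership` and skipping the entries of `$User.Gruppen` already present removes both the string matching and the empty branch; if that lookup fails, `$memberOf` is simply empty and every group is attempted as before. `$UserCreated` is also set to `$true` for a user that already existed, so a name such as `$UserPresent` would describe what the flag actually gates, and `$existing` is assigned but never read (`$null = Get-ADUser …`). The per-user counters only capture the user branch; OU and group failures in the earlier hunks are not counted anywhere.
```powershell
# … unchanged: user lookup / creation and counters …
if ($UserCreated) {
    # resolve current memberships once; an empty result just means every group is attempted
    $memberOf = @(Get-ADPrincipalGroupMembership -Identity $Sam -Server $Domain -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty SamAccountName)
    foreach ($Gruppe in $User.Gruppen) {
        if ($memberOf -contains $Gruppe) { continue }
        try {
            Add-ADGroupMember -Identity $Gruppe -Members $Sam -Server $Domain -ErrorAction Stop
        } catch {
            Write-Warning " Gruppe '$Gruppe' konnte nicht zugewiesen werden: $_"
        }
    }
}
```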
@@ -205,31 +267,40 @@ $SvcSam = "svc-mailserver"
 $SvcUPN = "$SvcSam@$Domain"
 $SvcPW = ConvertTo-SecureString 'Mail$3rv!ceAcc2026' -AsPlainText -Force
 
-if (-not (Get-ADUser -Filter "SamAccountName -eq '$SvcSam'" -ErrorAction SilentlyContinue)) {
-    New-ADUser `
-        -SamAccountName $SvcSam `
-        -UserPrincipalName $SvcUPN `
-        -Name "Mailserver Service Account" `
-        -DisplayName "Mailserver Service Account" `
-        -Description "Service-Account fuer Docker-Mailserver LDAP-Bind" `
-        -Path "OU=Server,$DomainDN" `
-        -AccountPassword $SvcPW `
-        -PasswordNeverExpires $true `
-        -ChangePasswordAtLogon $false `
-        -CannotChangePassword $true `
-        -Enabled $true
-    Write-Host " [+] Service-Account erstellt: $SvcSam" -ForegroundColor Green
-} else {
+try {
+    $existing = Get-ADUser -Identity $SvcSam -Server $Domain -ErrorAction Stop
     Write-Host " [~] Service-Account existiert bereits: $SvcSam" -ForegroundColor Gray
+} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+    try {
+        New-ADUser `
+            -SamAccountName $SvcSam `
+            -UserPrincipalName $SvcUPN `
+            -Name "Mailserver Service Account" `
+            -DisplayName "Mailserver Service Account" `
+            -Description "Service-Account fuer Docker-Mailserver LDAP-Bind" `
+            -Path "OU=Server,$DomainDN" `
+            -AccountPassword $SvcPW `
+            -PasswordNeverExpires $true `
+            -ChangePasswordAtLogon $false `
+            -CannotChangePassword $true `
+            -Enabled $true `
+            -Server $Domain `
+            -ErrorAction Stop
+        Write-Host " [+] Service-Account erstellt: $SvcSam" -ForegroundColor Green
+    } catch {
+        Write-Host " [!] FEHLER beim Erstellen von Service-Account '$SvcSam': $_" -ForegroundColor Red
+    }
+} catch {
+    Write-Host " [!] FEHLER beim Pruefen von Service-Account '$SvcSam': $_" -ForegroundColor Red
 }
 
 # ============================================================
 # ZUSAMMENFASSUNG
 # ============================================================
 Write-Host "`n=== Setup abgeschlossen ===" -ForegroundColor Cyan
-Write-Host "OUs: $($OUs.Count) erstellt" -ForegroundColor White
-Write-Host "Gruppen: $($Groups.Count) erstellt" -ForegroundColor White
-Write-Host "User: $($Users.Count) erstellt (+ 1 Service-Account)" -ForegroundColor White
+Write-Host "OUs: $($OUs.Count) konfiguriert" -ForegroundColor White
+Write-Host "Gruppen: $($Groups.Count) konfiguriert" -ForegroundColor White
+Write-Host "User: $UserCreatedCount neu erstellt, $UserExistsCount bereits vorhanden, $UserErrorCount Fehler (+ 1 Service-Account)" -ForegroundColor White
 Write-Host "`nStandard-Passwort User: ByteTrail2026! (Benutzer muessen es beim ersten Login aendern)" -ForegroundColor Yellow
 Write-Host "Service-Account Mailserver: $SvcSam / Mail`$3rv!ceAcc2026" -ForegroundColor Yellow
 Write-Host "Mail-Domain: $MailDomain" -ForegroundColor White
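Review bot: Nothing in this hunk turns the errors the new catch blocks report into an exit status: a failed service-account check on the `FEHLER beim Pruefen von Service-Account` line is not counted, the OU and group loops have no counter, and `$UserErrorCount` is only displayed before the script continues to "Setup abgeschlossen". Adding `if ($UserErrorCount -gt 0) { exit 1 }` after the summary (and incrementing that counter from the OU, group and service-account catches as well) lets a caller or scheduler notice a partial setup rather than trusting the banner; if the file continues past this hunk with its own exit handling, disregard. The summary lines kept as context still echo the default user password and the service-account password in clear text, and `$SvcPW` is built from a literal in the hunk's context; those lines are pre-existing, but since this commit rewrites the summary it is the natural place to drop the password echo and take the secret from a script parameter or `Read-Host -AsSecureString`.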